Skip to content

Commit 48c7d78

Browse files
blakedrummblakedrumm
authored
Add days of data ⚡
1 parent b171eb9 commit 48c7d78

1 file changed

Lines changed: 21 additions & 7 deletions

File tree

SQL Queries/Data Warehouse/DW_Events_ByNumber.sql

Lines changed: 21 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,21 @@
1-
--Most common events by event number and raw event description and computer name (this will take a very long time to run but it shows us not only event ID – but a description of the event to help understand which MP is the generating the noise)
2-
SELECT top 100 evt.EventDisplayNumber, evtd.RawDescription, evtlc.ComputerName, COUNT(*) AS TotalEvents
3-
FROM Event.vEvent evt
4-
inner join Event.vEventDetail evtd on evt.eventoriginid = evtd.eventoriginid
5-
inner join vEventLoggingComputer evtlc on evt.LoggingComputerRowId = evtlc.EventLoggingComputerRowId
6-
GROUP BY evt.EventDisplayNumber, evtd.RawDescription, evtlc.ComputerName
7-
ORDER BY TotalEvents DESC
1+
-- Selects the top 100 records from the result set
2+
SELECT TOP 100
3+
evt.EventDisplayNumber, -- Display number of the event
4+
evtd.RawDescription, -- Raw description of the event
5+
evtlc.ComputerName, -- Name of the computer logging the event
6+
COUNT(*) AS TotalEvents, -- Total number of events aggregated by display number, description, and computer name
7+
DATEDIFF(DAY, MIN(evt.DateTime), MAX(evt.DateTime)) + 1 AS DaysOfData -- Calculates the span of days between the earliest and latest event dates for each group
8+
FROM
9+
Event.vEvent AS evt -- From the main events table
10+
INNER JOIN
11+
Event.vEventDetail AS evtd -- Joined with event details on EventOriginId
12+
ON evt.EventOriginId = evtd.EventOriginId
13+
INNER JOIN
14+
vEventLoggingComputer AS evtlc -- Joined with the event logging computer table on LoggingComputerRowId
15+
ON evt.LoggingComputerRowId = evtlc.EventLoggingComputerRowId
16+
GROUP BY
17+
evt.EventDisplayNumber, -- Groups the results by event display number,
18+
evtd.RawDescription, -- raw event description,
19+
evtlc.ComputerName -- and computer name
20+
ORDER BY
21+
TotalEvents DESC -- Orders the results by the total number of events, in descending order

0 commit comments

Comments
 (0)